Conference Season is off to a great start with the NZ AML Solutions Summit 2020!
At Murray Waldren Consulting we try our absolute best to get to as many conferences we can to keep up to date with key insights into the world of Financial Crime. This year’s AML Solutions Summit held in New Zealand was moved to a virtual platform due to COVID travel restrictions, but rest assured it did not disappoint. All sessions were highly informative, and the productions seamless.
The Summit provided a fantastic platform to hear from Regulators and practitioners alike on the latest threats and vulnerabilities. Although some sessions had a NZ focus (who can blame them!) the lessons learnt are easily transferable ‘across the ditch’.
So here are a few of our key take away’ s:
Not one, not two but three – NZ’s Regulatory insights
All three of NZ’s AML/CTF Regulators (Financial Markets Authority (FMA), Reserve Bank of NZ (RBNZ) and Department of Internal Affairs (DIA)) highlighted that they continued to see common themes despite the AML/CFT Legislation being in place now for a number of years. This included the basics – risk assessments, customer due diligence, not undertaking adequate due diligence on PEP’s.
As expected, the impacts of COVID 19 were a large focus with the FMA saying they expected to see reduced volumes of new business and transactional activity during the COVID period. As with AUSTRAC, the NZ Regulators have put out some useful guidance for these unusual circumstances that we are all operating in, but they expect entities to document where a risk-based approach has been changed. Entities should also re-visit their approach when things return to “the new normal”. A “Exceptions Register” was suggested as one way to maintain appropriate records during this period.
A consistent theme arising from Regulatory reviews and even a featuring in current enforcement action was the role of the AML/ CTF Compliance Officer. Lack of relevant experience, lack of clear escalation lines and delegated authority in the Compliance Officers absence were repeatedly identified as issues.
Remember, try not to over complicate, it’s the simple things!
Seems the Kiwi’s struggle with the basics just like we do here in Australia. We heard a roll call of topics being discussed with the usual suspects:
Risk assessments – speakers highlighted that the majority of risk assessments reviewed still have issues – with true threats and vulnerabilities for businesses / business types not being clearly articulated and assessed. The key is to assess your inherent risks and then identify and test your control effectiveness. Where you identify controls are inadequate or ineffective – act, conduct training, adjust the control and test again. Terrorism Financing needs to be assessed as a separate risk. National updates to TF threat levels and guidance issued in response to local events need to be analysed and actioned.
The Program – the good old Program template appear to be still getting a good run. While it was agreed templates aren’t in of themselves bad, they should be just a starting point. The need to customise and apply your risk assessment and business context were identified as a consistent gap. Make it relevant to your business – if someone understands why they are doing something its more likely to get done properly. And don’t forget the simple things – maintaining good version control, keeping supporting documents up to date is critical – not only for good compliance but for when the Auditors come asking.
Effective Transaction Monitoring – we might sound like a broken record but for a transaction monitoring program to be effective it must link to your risk assessment. Don’t have customer due diligence and transaction monitoring operate in silo’s – understand how they interrelate. An important reminder from a jurisdiction who has successfully regulated phase 2 entities (the Aussie Tranche 2 equivalent) that Transaction Monitoring doesn’t have to be fully automated. For smaller entities manual monitoring may be appropriate and just as effective.
Good Governance – Good Culture – Senior Management focus should be on how to influence a good culture of compliance and best practice throughout an organisation. Speakers highlighted the importance of understanding “why” AML/CTF is important not just “because compliance says so”. One of our favourite phrases of the conference was “Riskfluenency” meaning the ability to influence risk in the business while compliance culture remains the same. Assurance and oversight activities, good record keeping and following through on addressing issues were all important call outs.
Insights from Independent Audits
In the land of the long white cloud where it is mandatory to have an Independent Audit every two years there are plenty of insights into how to prepare and some common issues. These can be applied equally to your next Independent Review –
Its all in the preparation: Make sure you do some homework – this applies to choosing who your auditor is (choose wisely, do your due diligence, make sure they are independent from your Program) and getting ready for your audit (don’t leave things to the last minute, prep the business). The person undertaking the review needs to be able to navigate through your internal processes to demonstrate effectiveness. Make it as simple as possible for them to do this.
If we’ve told you once, we’ve told you a thousand times: Consistent messages from both practitioners conducting reviews and the recipients (i.e. the Regulators) about issues being identified: don’t tell me – show me! Be able to evidence what you have done and make sure it is consistent with what the Program says you will do. Beneficial owner identification – its hard but it is important – make sure you have an effective process to identify the UBO otherwise the business is potentially at risk. Control testing and oversight if it’s not effective or you’re not sure how much is enough be sure to ask.
PHEW! There is a lot to consider and we hope you found these points useful. We also hope that next year we can attend the Summit in person and catch up with all our Kiwi friends in person.
But for now,
(goodbye and thank you!)